On Mon, 27 Aug 2001, David Brownlee wrote:

> 	I would strongly prefer it to be left as it is. At the moment you
> 	can set a password then ssh in remotely to finish the
> 	configuration of the box (via an automated tool in some cases).

Not without configuring your network and starting ssh as well. Also
running ntpdate, if you don't want to risk incorrect timestamps on the
things you automatically configured. There's enough things happening here
manually that I don't consider updating the config file or generating
a fresh config file (which can be easily automated) a big extra.

> 	Changing the default means an additional file to manually modify
> 	at the console before any remote configuration can be done.

The alternative, leaving it as it is, means poking a hole in the default
security policy--a hole that didn't exist until we started shipping ssh
with the system.

We generally try to default to "as secure as possible" mode for freshly
installed systems, and we've accepted in the past that this can make
installs more difficult in some cases. I don't see how this is different.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 3 5778 0123   http://www.netbsd.org
    Don't you know, in this new Dark Age, we're all light.  --XTC